Transcription of Internal Control – Self Assessment Checklist
1 Internal Control self Assessment Checklist 1. Control Environment 1. Demonstrate Commitment to Integrity and Ethical Values 2. Exercise Oversight Responsibility 3. Establish Structure, Responsibility, and Authority 4. Demonstrate Commitment to Competence 5. Enforce Accountability 2. Risk Assessment 6. Define Objectives and Risk Tolerances 7. Identify, Analyze, and Respond to Risks 8. Assess Fraud Risks 9. Identify, Analyze, and Respond to Change 3. Control Activities 10. Design Control Activities 11. Design Activities for the Information System 12.
2 Implement Control Activities 4. Information and Communication 13. Use Quality Information 14. Communicate Internally 15. Communicate Externally 5. Monitoring 16. Perform Monitoring Activities 17. Evaluate Issues and Remediate Deficiencies Evaluation the factors below using the 5 to 1 scale, where 5 means Completely Agree and 1 means Completely Disagree Assessment Factor Indication of Controls 12345 a) Tone at the top. Management demonstrates the importance of integrity and ethical values through their directives, attitudes, and behavior.
3 B) Standards of conduct. Management establishes standards of conduct to communicate expectations concerning integrity and ethical values. c) Adherence to standards of conduct. Management establishes processes to evaluate performance against the entity s expected standards of conduct and evaluates adherence to the standards of conduct. Assessment Factor Indication of Controls 12345 a) Oversight structure. There is an oversight body that oversees operations, provides constructive feedback to management, and informs decision-making to ensure that objectives are met and in alignment with the entity s integrity and ethical values.
4 B) Oversight for the Internal Control system. The oversight body oversees management s design, implementation, and operation of the Internal Control system, including the Control environment, risk Assessment , Control activities, information and communication, and monitoring. c) Input for remediation and deficiencies. The oversight body provides input to management s plans for remediation of deficiencies in the Internal controls and is responsible for overseeing the remediation of deficiencies. Assessment Factor Indication of Controls 12345 a) Organizational structure.
5 Management establishes an organizational structure that is appropriate to plan, execute, Control , and assess its ability to achieve its objectives. Lines of reporting are clear and defined at all levels so that communication can flow down, across, up, and around. b) Assignment of responsibility and delegation of authority. Management assigns responsibilities and delegates authority to key roles throughout the office/unit. c) Documentation of the Internal Control system. Management develops and maintains documents of its Internal Control system so that the components of Internal Control can be designed, implemented, and operate effectively.
6 Section 1 Control Environment 1 - Demonstrate Commitment to Integrity and Ethical Values2 Exercise Oversight Responsibility 3 Establish Structure, Responsibility, and Authority4 Demonstrate Commitment to Competence Assessment Factor Indication of Controls 12345 a) Expectations of competence. Management establishes responsibilities and expectations that are clearly defined in writing and communicated as appropriate. b) Recruitment, development, and retention of individuals. Management recruits, develops, and retains competent personnel to achieve desired objectives.
7 C) Succession and contingency plans and preparation. Management defines succession plans to address the need to replace competent personnel over the long term, as well as contingency plans to address the need to respond to sudden personnel changes that could compromise the Internal Control system. Assessment Factor Indication of Controls 12345 a) Enforcement of accountability. Management holds personnel accountable for performing Internal Control responsibilities through mechanisms such as performance appraisals and disciplinary actions.
8 B) Consideration of excessive pressures. Management evaluates pressure on personnel and reduces or rebalances workloads when necessary. Assessment Factor Indication of Controls 12345 a) Definition of objectives. Management defines objectives in specific and measurable terms to enable the design of Internal Control for related risks. b) Definitions of risk tolerances. Management defines the acceptable level of variation in performance relative to the achievement of objectives. Assessment Factor Indication of Controls 12345 a) Identification of risks.
9 Management has a process for analyzing risks, including both inherent and residual risk, and considers Internal and external risk factors. b) Analysis of risks. Management has a process to estimate the significance of the identified risks and their effect on achieving the defined objectives. c) Response to risks. Management has specific actions to respond to the analyzed risk. 5 Enforce Accountability Section 2 Risk Assessment 6 Define Objectives and Risk Tolerances 7 Identify, Analyze, and Respond to Risks Assessment Factor Indication of Controls 12345 a) Types of fraud.
10 Management considers the types of fraud that can occur ( , fraudulent financial reporting, misappropriation of assets, corruption), as well as other forms of misconduct (such as waste and abuse). b) Fraud risk factors. Management considers fraud risk factors (incentive/pressure, opportunity, and attitude/rationalization) and uses this information to identify fraud risk. c) Response to fraud risks. Management performs a risk analysis to identify fraud risk and responds to fraud risk so they are effectively mitigated.